Wirecard Didn't Respond to Its Crisis. It Weaponized One.

On 23 June 2020, the chief executive of a company in Germany's blue-chip DAX index was arrested. Two days later that company filed for insolvency, conceding in a regulatory release that €1.9 billion of cash on its balance sheet 'probably does not exist.'¹ Not 'is delayed,' not 'is under review' — probably does not exist. The astonishing thing is not that the money was gone. It is that the world had been told, in specific and documented detail, for more than five years, and the entire German establishment had spent those years defending Wirecard and prosecuting the people pointing at the hole.

The official story is that Wirecard was a brilliant fraud, suddenly unmasked in the summer of 2020. The real story is the opposite: it was a poorly hidden fraud, defended for years by the institutions that were supposed to expose it. And the defense had a name nobody used at the time — it was called a crisis response.

Here is the thesis a smart friend can repeat at dinner: Wirecard's crisis response was not a response to the fraud. It was the fraud's final phase. Every tool the company reached for — legal threats, a special audit, a blame-shift to overseas banks — was engineered to do one thing: buy time and discredit the truth-tellers. And it worked, because the people meant to check Wirecard had already been captured by the story Wirecard sold them.

When the regulator attacks the journalists

A normal crisis response, when serious accounting allegations land, opens the books. Wirecard did the reverse — and so did its regulator. In February 2019, as the Financial Times pressed its reporting, BaFin banned short-selling of Wirecard shares for two months: the first single-firm short-selling ban in the agency's history. Then, in April, it filed criminal complaints against the journalists investigating the company. No charges ever resulted.³ Read that sequence again. Faced with a German company accused of inventing cash, the German regulator's instinct was to protect the share price and prosecute the press.

Why would a watchdog do that? Because it was watching the wrong animal. BaFin had no statutory authority over Wirecard's core technology business or its accounting; its remit reached only as far as Wirecard Bank AG, the banking subsidiary.⁴ So when allegations of fraud arrived, the institution best positioned to look couldn't, and instead defended the thing it could see — a market it believed was being manipulated. The gap in the law became a gap in scrutiny, and Wirecard's management understood that gap better than anyone. They didn't need to defeat the regulator. They only needed the regulator to defend them, and the national-champion narrative did the rest.

The audit that found nothing — and was sold as everything

By 2020 the pressure was too great to wave away with lawsuits, so Wirecard commissioned what looked like the gold-standard crisis move: an independent special audit by KPMG. The plan was to come out the other side cleared. The plan failed, and then the spin began. KPMG's April 2020 report — a primary document Wirecard itself posted on its own website — stated that it could not verify the majority of Wirecard's profits from 2016 to 2018, and could not conclusively assess the reliability of the bank confirmations underpinning the trust-account cash.² That is not a clean bill of health. That is an investigator telling you the evidence isn't there.

An honest crisis response treats an inconclusive audit as an alarm. Wirecard treated it as a trophy. Management publicly framed the report as confirming that the accusations had not been substantiated — converting 'we couldn't verify your billions' into 'nothing to see here.' This is the signature of the whole episode: the absence of proof, dressed up as proof of innocence. A black hole, sold as clear skies.

Blame the foreign banks that never knew you existed

When the cash finally had to be located, Wirecard pointed abroad: the €1.9 billion, it said, sat in trustee accounts at banks in the Philippines. It was the last move in a long con — relocate the problem to a jurisdiction far enough away to be hard to check. It didn't survive a phone call. Both BDO Unibank and Bank of the Philippine Islands denied having any business relationship with Wirecard, the supporting documents were found to be forged, and the Philippine central bank confirmed the money had never entered the country's financial system at all.⁶ The money wasn't misplaced. It was a story, and the story had run out of countries.

The same machinery turned up in Singapore. A separate set of forged paper — thirteen false balance-confirmation letters from a corporate-services firm, falsely attesting to more than €1.1 billion held in escrow — eventually produced criminal convictions years later, when a Singaporean court sentenced two men to ten and six-and-a-half years.⁷ The 'cash' was a paper trail manufactured to be believed by people who didn't want to look too hard. And for years, almost no one with the authority to look did.

How the gatekeepers became the guard

A crisis response this brazen only works if the gatekeepers cooperate, and Wirecard's did. Take the auditor. The popular account is that EY was simply fooled by a sophisticated fraud. The record is harsher. A parliamentary special investigator reviewed 90 gigabytes of EY's internal working papers and 40,000 emails and found that EY had raised red-flag indicators internally — then accepted mainly verbal and written explanations from executives and signed off anyway. Germany's audit oversight body, APAS, went so far as to inform prosecutors that EY may have acted criminally.⁵ An auditor that flags the risk, hears a story, and signs the page is not a victim of fraud. It is a part of the mechanism that lets fraud survive its own crisis.

Wasn't it just a brilliant, undetectable fraud?

The honest counter is that Wirecard's fraud was genuinely sophisticated — forged confirmations, real subsidiaries, a credible technology story — and that even good institutions get fooled by good liars. There is truth in that. But it cannot carry the weight people put on it, for one reason: the fraud was not undetectable. It was detected, repeatedly, and ignored. The specific, documented allegations were in print years before the collapse; the special audit could not find the cash months before the collapse; the regulator's own remedy was to shoot the messengers. This was not a perfect crime that finally cracked. It was a visible crime that finally became impossible to keep defending.

The reckoning, fittingly, is still unfinished and still slow. A civil court in Munich found Markus Braun and two other former board members liable for €140 million in fiduciary breaches in September 2024 — but a civil damages ruling is not a criminal verdict, and the criminal trial that opened in December 2022 had still not delivered one as of mid-2026, with hearings scheduled to run through the end of that year.⁸ The man who ran the operational machinery, COO Jan Marsalek, fled and remains a fugitive. The crisis response, in a grim sense, never ended. It simply changed venues.

Wirecard's defining lesson is not about accounting. It is about the difference between answering a crisis and managing the perception of one. A company that opens the books treats its critics as auditors. A company that sues its critics, captures its regulator, and sells an empty audit as a clean one has already told you what it is — you just have to read where the effort went. The €1.9 billion was never the secret. The secret was that everyone who could have looked had already decided not to. The hole was always there. The genius of the response was making the whole country agree not to see it — until the day it couldn't.